Ensure custom script execution is restricted on personal sites
Why This Matters
Custom scripts on OneDrive or self-service created sites can expose your organization to significant security risks. Because scripts run in the context of the visiting user, they can access all data that user has permissions to, including Microsoft 365 content and Microsoft Graph resources. Without restricting custom script execution, you lose the ability to audit what code is running, where it came from, and who deployed it, making it nearly impossible to govern your SharePoint environment.
What Aether365 Checks
Aether365 verifies that custom script execution is restricted on both personal OneDrive sites and self-service created SharePoint sites. This check appears in the Aether365 dashboard under Microsoft 365 compliance checks aligned with the CIS Microsoft 365 Foundations Benchmark.
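One way to review the same setting by hand is shown below as an added example; it is not Aether365's own code. It assumes the SharePoint Online Management Shell, where the per-site DenyAddAndCustomizePages property reads Enabled when custom script is blocked, and it uses a hypothetical helper name (Get-CustomScriptFinding) and constructed sample sites so it runs without a tenant connection.

```powershell
# Added example: flag sites where custom script is still allowed.
# DenyAddAndCustomizePages = 'Enabled' means custom script is blocked on that site.
function Get-CustomScriptFinding {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Site
    )
    process {
        # Assumption: OneDrive (personal) sites live under /personal/ on the "-my" host.
        $scope = if ($Site.Url -match '-my\.sharepoint\.com/personal/') { 'Personal' } else { 'Site' }
        $state = [string]$Site.DenyAddAndCustomizePages
        [pscustomobject]@{
            Url       = $Site.Url
            Scope     = $scope
            Setting   = $state
            # 'Disabled' and 'Unknown' both count as findings: only an explicit block passes.
            Compliant = ($state -eq 'Enabled')
        }
    }
}

# Constructed sample data shaped like Get-SPOSite output (not real tenant sites).
$sample = @(
    [pscustomobject]@{ Url = 'https://contoso-my.sharepoint.com/personal/alex_contoso_com'; DenyAddAndCustomizePages = 'Enabled' }
    [pscustomobject]@{ Url = 'https://contoso-my.sharepoint.com/personal/sam_contoso_com';  DenyAddAndCustomizePages = 'Disabled' }
    [pscustomobject]@{ Url = 'https://contoso.sharepoint.com/sites/project-x';              DenyAddAndCustomizePages = 'Unknown' }
    [pscustomobject]@{ Url = 'https://contoso.sharepoint.com/sites/finance';                DenyAddAndCustomizePages = 'Enabled' }
)

$findings = $sample | Get-CustomScriptFinding

# Summary per scope, then the sites that need attention.
$findings | Group-Object Scope | ForEach-Object {
    $bad = @($_.Group | Where-Object { -not $_.Compliant }).Count
    '{0}: {1} of {2} sites allow custom script' -f $_.Name, $bad, $_.Count
}
$findings | Where-Object { -not $_.Compliant } | Format-Table Url, Scope, Setting -AutoSize

# Against a live tenant (admin session required; <tenant> is a placeholder):
#   Connect-SPOService -Url 'https://<tenant>-admin.sharepoint.com'
#   Get-SPOSite -IncludePersonalSite $true -Limit All |
#       Get-CustomScriptFinding | Where-Object { -not $_.Compliant }
```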